Chi­nese firm re­calls prod­ucts linked to cy­ber­at­tack

A Chi­nese elec­tron­ics com­po­nent maker is re­call­ing 4.3 mil­lion in­ter­net-con­nected cam­era prod­ucts from the US mar­ket amid claims they may have played a role in last week’s mas­sive in­ter­net dis­rup­tion.

Hangzhou Xiong­mai Tech­nol­ogy said on Mon­day that it was re­call­ing ear­lier mod­els of four kinds of cam­eras due to a se­cu­rity vul­ner­a­bil­ity that can make them easy to hack.

Mil­lions of in­ter­net users lost ac­cess to some of the world’s most popular web­sites last week after hack­ers ham­mered servers along the US East Coast with phony traf­fic un­til they crashed, then moved west­ward.

Se­cu­rity ex­perts said easy-to-guess de­fault pass­words, used on Xiong­mai we­b­cams, aided the hack­ers who caused the dis­rup­tion.

“The main se­cu­rity prob­lem is that users aren’t chang­ing the de­vice’s de­fault pass­words,” Xiong­mai said in a Chi­ne­se­lan­guage state­ment posted on­line.

The com­pany re­jected sug­ges­tions that its we­b­cams made up the bulk of the de­vices used in the at­tacks.

“Se­cu­rity is­sues are a prob­lem fac­ing all mankind,” it said. “Since in­dus­try gi­ants have ex­pe­ri­enced them, Xiong­mai is not afraid to ex­pe­ri­ence them once, too.”

Ac­cord­ing to se­cu­rity firm Flash­point, mal­ware known as Mi­rai has been ex­ploit­ing the prod­ucts from Xiong­mai to launch mas­sive dis­trib­uted de­nial-of-ser­vice at­tacks, in­clud­ing the one on Oct 21 that slowed ac­cess to many popular sites, in­clud­ing Net­flix, PayPal, and Twit­ter.

Com­pa­nies ob­serv­ing the dis­rup­tion said bot­nets pow­ered by the Mi­rai mal­ware were at least partly re­spon­si­ble for the at­tack.